Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-41447

    A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.... Read more

    Affected Products : opencms
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-9868

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.1... Read more

    Affected Products : element_pack
    • Published: Nov. 02, 2024
    • Modified: Nov. 04, 2024

  • 5.4

    MEDIUM
    CVE-2024-9805

    A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cro... Read more

    Affected Products : blood_bank_system blood_bank_system
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 5.4

    MEDIUM
    CVE-2024-9662

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : cyan_backup
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-9599

    The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : popup_box popup_box
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-9629

    The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 5.4

    MEDIUM
    CVE-2024-9709

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ekc_tournament_manager
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-9663

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : cyan_backup
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-9588

    The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possibl... Read more

    Affected Products : category_and_taxonomy_meta_fields
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9630

    The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages t... Read more

    Affected Products : wps_telegram_chat wps_telegram_chat
    • Published: Oct. 25, 2024
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2024-9583

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, an... Read more

    Affected Products : rss_aggregator
    • Published: Oct. 23, 2024
    • Modified: Oct. 25, 2024

  • 5.4

    MEDIUM
    CVE-2024-9141

    Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the ex... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 5.4

    MEDIUM
    CVE-2024-9033

    A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument... Read more

    • Published: Sep. 20, 2024
    • Modified: Sep. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-9020

    The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : list_category_posts
    • Published: Jan. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-9007

    A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack re... Read more

    Affected Products : 123solar
    • Published: Sep. 19, 2024
    • Modified: Sep. 25, 2024

  • 5.4

    MEDIUM
    CVE-2023-48481

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-8647

    An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was ena... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-8397

    The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the '... Read more

    Affected Products : gdpr_cookie_consent
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-8125

    Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to car... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-8123

    The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This ma... Read more

    Affected Products : wp_extended
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 293620 Results